CVE-2015-5505

Name of the Vulnerable Software and Affected Versions Drupal HSTS module versions 6.x-1.x before 6.x-1.1 Drupal HSTS module versions 7.x-1.x before 7.x-1.2

Description The issue is related to the improper implementation of the "include subdomains" directive in the HTTP Strict Transport Security (HSTS) module for Drupal. This causes the HSTS policy to not be applied to subdomains, allowing man-in-the-middle attackers to have an unspecified impact.

Recommendations For Drupal HSTS module version 6.x-1.x, update to version 6.x-1.1 or later. For Drupal HSTS module version 7.x-1.x, update to version 7.x-1.2 or later.